CentOS 6.6 Zabbix Server 2.4 with Nginx 1.6 and MySQL 5.6

Starting from a minimal install.

step 1: enable extra repositories


yum install http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

yum install http://repo.zabbix.com/zabbix/2.4/rhel/6/x86_64/zabbix-release-2.4-1.el6.noarch.rpm

yum install http://dev.mysql.com/get/mysql-community-release-el6-5.noarch.rpm

yum install http://nginx.org/packages/centos/6/noarch/RPMS/nginx-release-centos-6-0.el6.ngx.noarch.rpm

yum -y update

step 2: configure mysql database


yum -y install mysql-server.x86_64

vim /etc/my.cnf

Your config file should look like this.

Note: I activate binlog without purge because it can be useful if you need to recover data or attach a mysql slave.


# For advice on how to change settings please see
# http://dev.mysql.com/doc/refman/5.6/en/server-configuration-defaults.html

[mysqld]
#
# Remove leading # and set to the amount of RAM for the most important data
# cache in MySQL. Start at 70% of total RAM for dedicated server, else 10%.
# innodb_buffer_pool_size = 128M
#
# Remove leading # to turn on a very important data integrity option: logging
# changes to the binary log between backups.
# log_bin
#
# Remove leading # to set options mainly useful for reporting servers.
# The server defaults are faster for transactions and fast SELECTs.
# Adjust sizes as needed, experiment to find the optimal values.
# join_buffer_size = 128M
# sort_buffer_size = 2M
# read_rnd_buffer_size = 2M
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock

# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0

# Recommended in standard MySQL setup
sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES

#allow tcp connections
port = 3306

#innodb options
innodb_file_format=Barracuda
innodb_file_per_table
innodb_flush_method=O_DIRECT

#replication
log-bin=mysql-bin
binlog_format=MIXED
max_binlog_size=256M

#Enable performance schema
performance_schema

[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid

enable mysql daemon


chkconfig mysqld on

start mysql daemon

service mysqld start

secure mysql installation

/usr/bin/mysql_secure_installation

allow incoming 3306 connections


/sbin/iptables -A INPUT -i eth0 -p tcp --destination-port 3306 -j ACCEPT
service iptables save

step 3: configure database backup

This is important because, after power outages or hard disk problems, sometimes you can’t recover your database, and restoring a backup is faster than reinstalling, or is the only way.


yum install wget pbzip2
mysql -uroot -p

create backup user


GRANT LOCK TABLES, SELECT ON *.* TO 'BACKUPUSER'@'%' IDENTIFIED BY 'PASSWORD';
flush privileges;
exit

install AutoMysqlBackup

wget http://www.mirrorservice.org/sites/downloads.sourceforge.net/a/au/automysqlbackup/AutoMySQLBackup/AutoMySQLBackup%20VER%203.0/automysqlbackup-v3.0_rc6.tar.gz
tar xzvf automysqlbackup-v3.0_rc6.tar.gz
./install.sh
mkdir /var/backup/
mkdir /var/backup/db

we need to adjust our config file


vim /etc/automysqlbackup/myserver.conf

it should look like this

note: I select bzip because it gets better results


#version=3.0_rc2
# DONT'T REMOVE THE PREVIOUS VERSION LINE!
#
# Uncomment to change the default values (shown after =)
# WARNING:
# This is not true for UMASK, CONFIG_prebackup and CONFIG_postbackup!!!
#
# Default values are stored in the script itself. Declarations in
# /etc/automysqlbackup/automysqlbackup.conf will overwrite them. The
# declarations in here will supersede all other.

# Edit $PATH if mysql and mysqldump are not located in /usr/local/bin:/usr/bin:/bin:/usr/local/mysql/bin
#PATH=${PATH}:FULL_PATH_TO_YOUR_DIR_CONTAINING_MYSQL:FULL_PATH_TO_YOUR_DIR_CONTAINING_MYSQLDUMP

# Basic Settings

# Username to access the MySQL server e.g. dbuser
CONFIG_mysql_dump_username='backupuser'

# Password to access the MySQL server e.g. password
CONFIG_mysql_dump_password='yourbackupuserpass'

# Host name (or IP address) of MySQL server e.g localhost
CONFIG_mysql_dump_host='localhost'

# "Friendly" host name of MySQL server to be used in email log
# if unset or empty (default) will use CONFIG_mysql_dump_host instead
#CONFIG_mysql_dump_host_friendly=''

# Backup directory location e.g /backups
CONFIG_backup_dir='/var/backup/db'

# This is practically a moot point, since there is a fallback to the compression
# functions without multicore support in the case that the multicore versions aren't
# present in the system. Of course, if you have the latter installed, but don't want
# to use them, just choose no here.
# pigz -> gzip
# pbzip2 -> bzip2
CONFIG_multicore='yes'

# Number of threads (= occupied cores) you want to use. You should - for the sake
# of the stability of your system - not choose more than (#number of cores - 1).
# Especially if the script is run in background by cron and the rest of your system
# has already heavy load, setting this too high, might crash your system. Assuming
# all systems have at least some sort of HyperThreading, the default is 2 threads.
# If you wish to let pigz and pbzip2 autodetect or use their standards, set it to
# 'auto'.
CONFIG_multicore_threads='auto'

# Databases to backup

# List of databases for Daily/Weekly Backup e.g. ( 'DB1' 'DB2' 'DB3' ... )
# set to (), i.e. empty, if you want to backup all databases
CONFIG_db_names=()
# You can use
#declare -a MDBNAMES=( "${DBNAMES[@]}" 'added entry1' 'added entry2' ... )
# INSTEAD to copy the contents of $DBNAMES and add further entries (optional).

# List of databases for Monthly Backups.
# set to (), i.e. empty, if you want to backup all databases
#CONFIG_db_month_names=()

# List of DBNAMES to EXLUCDE if DBNAMES is empty, i.e. ().
CONFIG_db_exclude=( 'information_schema' 'performance_schema' )

# List of tables to exclude, in the form db_name.table_name
# You may use wildcards for the table names, i.e. 'mydb.a*' selects all tables starting with an 'a'.
# However we only offer the wildcard '*', matching everything that could appear, which translates to the
# '%' wildcard in mysql.
#CONFIG_table_exclude=()

# Advanced Settings

# Rotation Settings

# Which day do you want monthly backups? (01 to 31)
# If the chosen day is greater than the last day of the month, it will be done
# on the last day of the month.
# Set to 0 to disable monthly backups.
CONFIG_do_monthly="01"

# Which day do you want weekly backups? (1 to 7 where 1 is Monday)
# Set to 0 to disable weekly backups.
CONFIG_do_weekly="5"

# Set rotation of daily backups. VALUE*24hours
# If you want to keep only today's backups, you could choose 1, i.e. everything older than 24hours will be removed.
CONFIG_rotation_daily=6

# Set rotation for weekly backups. VALUE*24hours
CONFIG_rotation_weekly=35

# Set rotation for monthly backups. VALUE*24hours
CONFIG_rotation_monthly=150

# Server Connection Settings

# Set the port for the mysql connection
CONFIG_mysql_dump_port=3306

# Compress communications between backup server and MySQL server?
#CONFIG_mysql_dump_commcomp='no'

# Use ssl encryption with mysqldump?
#CONFIG_mysql_dump_usessl='yes'

# For connections to localhost. Sometimes the Unix socket file must be specified.
CONFIG_mysql_dump_socket='/var/lib/mysql/mysql.sock'

# The maximum size of the buffer for client/server communication. e.g. 16MB (maximum is 1GB)
#CONFIG_mysql_dump_max_allowed_packet=''

# This option sends a START TRANSACTION SQL statement to the server before dumping data. It is useful only with
# transactional tables such as InnoDB, because then it dumps the consistent state of the database at the time
# when BEGIN was issued without blocking any applications.
#
# When using this option, you should keep in mind that only InnoDB tables are dumped in a consistent state. For
# example, any MyISAM or MEMORY tables dumped while using this option may still change state.
#
# While a --single-transaction dump is in process, to ensure a valid dump file (correct table contents and
# binary log coordinates), no other connection should use the following statements: ALTER TABLE, CREATE TABLE,
# DROP TABLE, RENAME TABLE, TRUNCATE TABLE. A consistent read is not isolated from those statements, so use of
# them on a table to be dumped can cause the SELECT that is performed by mysqldump to retrieve the table
# contents to obtain incorrect contents or fail.
CONFIG_mysql_dump_single_transaction='yes'

# http://dev.mysql.com/doc/refman/5.0/en/mysqldump.html#option_mysqldump_master-data
# --master-data[=value]
# Use this option to dump a master replication server to produce a dump file that can be used to set up another
# server as a slave of the master. It causes the dump output to include a CHANGE MASTER TO statement that indicates
# the binary log coordinates (file name and position) of the dumped server. These are the master server coordinates
# from which the slave should start replicating after you load the dump file into the slave.
#
# If the option value is 2, the CHANGE MASTER TO statement is written as an SQL comment, and thus is informative only;
# it has no effect when the dump file is reloaded. If the option value is 1, the statement is not written as a comment
# and takes effect when the dump file is reloaded. If no option value is specified, the default value is 1.
#
# This option requires the RELOAD privilege and the binary log must be enabled.
#
# The --master-data option automatically turns off --lock-tables. It also turns on --lock-all-tables, unless
# --single-transaction also is specified, in which case, a global read lock is acquired only for a short time at the
# beginning of the dump (see the description for --single-transaction). In all cases, any action on logs happens at
# the exact moment of the dump.
# ==================================================================================================================
# possible values are 1 and 2, which correspond with the values from mysqldump
# VARIABLE=    , i.e. no value, turns it off (default)
#
#CONFIG_mysql_dump_master_data=

# Included stored routines (procedures and functions) for the dumped databases in the output. Use of this option
# requires the SELECT privilege for the mysql.proc table. The output generated by using --routines contains
# CREATE PROCEDURE and CREATE FUNCTION statements to re-create the routines. However, these statements do not
# include attributes such as the routine creation and modification timestamps. This means that when the routines
# are reloaded, they will be created with the timestamps equal to the reload time.
#
# If you require routines to be re-created with their original timestamp attributes, do not use --routines. Instead,
# dump and reload the contents of the mysql.proc table directly, using a MySQL account that has appropriate privileges
# for the mysql database.
#
# This option was added in MySQL 5.0.13. Before that, stored routines are not dumped. Routine DEFINER values are not
# dumped until MySQL 5.0.20. This means that before 5.0.20, when routines are reloaded, they will be created with the
# definer set to the reloading user. If you require routines to be re-created with their original definer, dump and
# load the contents of the mysql.proc table directly as described earlier.
#
CONFIG_mysql_dump_full_schema='yes'

# Backup status of table(s) in textfile. This is very helpful when restoring backups, since it gives an idea, what changed
# in the meantime.
CONFIG_mysql_dump_dbstatus='yes'

# Backup dump settings

# Include CREATE DATABASE in backup?
CONFIG_mysql_dump_create_database='no'

# Separate backup directory and file for each DB? (yes or no)
CONFIG_mysql_dump_use_separate_dirs='yes'

# Choose Compression type. (gzip or bzip2)
CONFIG_mysql_dump_compression='bzip2'

# Store an additional copy of the latest backup to a standard
# location so it can be downloaded by third party scripts.
CONFIG_mysql_dump_latest='yes'

# Remove all date and time information from the filenames in the latest folder.
# Runs, if activated, once after the backups are completed. Practically it just finds all files in the latest folder
# and removes the date and time information from the filenames (if present).
CONFIG_mysql_dump_latest_clean_filenames='no'

# Create differential backups. Master backups are created weekly at #$CONFIG_do_weekly weekday. Between master backups,
# diff is used to create differential backups relative to the latest master backup. In the Manifest file, you find the
# following structure
# $filename     md5sum  $md5sum diff_id $diff_id        rel_id  $rel_id
# where each field is separated by the tabular character '\t'. The entries with $ at the beginning mean the actual values,
# while the others are just for readability. The diff_id is the id of the differential or master backup which is also in
# the filename after the last _ and before the suffixes begin, i.e. .diff, .sql and extensions. It is used to relate
# differential backups to master backups. The master backups have 0 as $rel_id and are thereby identifiable. Differential
# backups have the id of the corresponding master backup as $rel_id.
#
# To ensure that master backups are kept long enough, the value of $CONFIG_rotation_daily is set to a minimum of 21 days.
#
CONFIG_mysql_dump_differential='no'

# Notification setup

# What would you like to be mailed to you?
# - log   : send only log file
# - files : send log file and sql files as attachments (see docs)
# - stdout : will simply output the log to the screen if run manually.
# - quiet : Only send logs if an error occurs to the MAILADDR.
CONFIG_mailcontent='stdout'

# Set the maximum allowed email size in k. (4000 = approx 5MB email [see docs])
CONFIG_mail_maxattsize=4000

# Allow packing of files with tar and splitting it in pieces of CONFIG_mail_maxattsize.
#CONFIG_mail_splitandtar='yes'

# Use uuencode instead of mutt. WARNING: Not all email clients work well with uuencoded attachments.
#CONFIG_mail_use_uuencoded_attachments='no'

# Email Address to send mail to? (user@domain.com)
CONFIG_mail_address='luzem@luzem.com'

# Encryption

# Do you wish to encrypt your backups using openssl?
#CONFIG_encrypt='no'

# Choose a password to encrypt the backups.
#CONFIG_encrypt_password='password0123'

# Other

# Backup local files, i.e. maybe you would like to backup your my.cnf (mysql server configuration), etc.
# These files will be tar'ed, depending on your compression option CONFIG_mysql_dump_compression compressed and
# depending on the option CONFIG_encrypt encrypted.
#
# Note: This could also have been accomplished with CONFIG_prebackup or CONFIG_postbackup.
#CONFIG_backup_local_files=()

# Command to run before backups (uncomment to use)
#CONFIG_prebackup="/etc/mysql-backup-pre"

# Command run after backups (uncomment to use)
#CONFIG_postbackup="/etc/mysql-backup-post"

# Uncomment to activate! This will give folders rwx------
# and files rw------- permissions.
#umask 0077

# dry-run, i.e. show what you are gonna do without actually doing it
# inactive: =0 or commented out
# active: uncommented AND =1
#CONFIG_dryrun=1

in the next step we add a cron script to run our backup every day


vim /etc/cron.daily/runmysqlbackup

the content should look like this


#!/bin/sh
/usr/local/bin/automysqlbackup /etc/automysqlbackup/myserver.conf
chown root.root /var/backup/db* -R
find /var/backup/db* -type f -exec chmod 400 {} \;
find /var/backup/db* -type d -exec chmod 700 {} \;

you should make your script executable


chmod +x /etc/cron.daily/runmysqlbackup

if you want to try it, just execute


/etc/cron.daily/runmysqlbackup

and check the /var/backup/db directory

and now you will have a daily backup 😛
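
A quick check of the result, as an added example that is not part of the original post: the functions below report backup files and directories whose mode or owner differs from what the cron script sets (0400 / 0700, root), plus empty dump files. The function names audit_backup_tree and audit_secret_file are hypothetical, and the rule that myserver.conf should be readable by its owner only (it holds CONFIG_mysql_dump_password in clear text) is an assumption of this example, not something the original setup enforces.

```sh
#!/bin/sh
# Added example (not from the original tutorial): audit what
# /etc/cron.daily/runmysqlbackup is supposed to leave behind.
# Each function prints one line per finding and returns 0 only when clean.
# Usage (as root):
#   . ./audit_backup.sh
#   audit_backup_tree /var/backup/db
#   audit_secret_file /etc/automysqlbackup/myserver.conf

# audit_backup_tree DIR [OWNER]
# OWNER (name or numeric uid) defaults to root, matching the chown in the
# cron script.
audit_backup_tree() {
    dir=$1
    owner=${2:-root}
    if [ ! -d "$dir" ]; then
        echo "MISSING $dir"
        return 2
    fi
    findings=$(
        # The cron script sets files to 0400 and directories to 0700.
        find "$dir" -type f ! -perm 400 -exec printf 'FILE_MODE %s\n' {} \;
        find "$dir" -type d ! -perm 700 -exec printf 'DIR_MODE %s\n' {} \;
        # Anything not owned by OWNER was not covered by the chown.
        find "$dir" ! -user "$owner" -exec printf 'OWNER %s\n' {} \;
        # A zero-byte file is not a usable dump.
        find "$dir" -type f -size 0 -exec printf 'EMPTY %s\n' {} \;
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# audit_secret_file FILE
# Assumption of this example: a file that stores a database password
# should grant nothing to group or other.
audit_secret_file() {
    f=$1
    if [ ! -f "$f" ]; then
        echo "MISSING $f"
        return 2
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    go_bits=$(ls -ldn "$f" | cut -c5-10)
    if [ "$go_bits" != "------" ]; then
        echo "SECRET_MODE $f ($go_bits)"
        return 1
    fi
    return 0
}
```

Calling both functions at the end of the cron script makes cron mail the findings whenever a run leaves something readable or empty.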

Step 4: Install zabbix server

 

yum install zabbix-server-mysql zabbix-web-mysql zabbix-agent
service zabbix-server start
service zabbix-agent start
chkconfig zabbix-agent on

 

 

we need to create a zabbix database user and a zabbix database

mysql -uroot -p

 

execute these statements

create database zabbix character set utf8 collate utf8_bin;
grant all privileges on zabbix.* to zabbix@localhost identified by 'zabbixdatabasepasword';
flush privileges;
exit

 

next step is to populate the table structures

note: the sql commands may change with the version; check, the files should be in /usr/share/doc/zabbix-server-mysql-<version>/create


mysql -uroot -p zabbix < /usr/share/doc/zabbix-server-mysql-2.4.2/create/schema.sql
mysql -uroot -p zabbix < /usr/share/doc/zabbix-server-mysql-2.4.2/create/images.sql
mysql -uroot -p zabbix < /usr/share/doc/zabbix-server-mysql-2.4.2/create/data.sql

 

at this point we have our zabbix database; it's time to link zabbix and the database


vim /etc/zabbix/zabbix_server.conf

 

your config file should look like this


# This is a configuration file for Zabbix Server process
# To get more information about Zabbix,
# visit http://www.zabbix.com

############ GENERAL PARAMETERS #################

### Option: ListenPort
#       Listen port for trapper.
#
# Mandatory: no
# Range: 1024-32767
# Default:
# ListenPort=10051

### Option: SourceIP
#       Source IP address for outgoing connections.
#
# Mandatory: no
# Default:
# SourceIP=

### Option: LogFile
#       Name of log file.
#       If not set, syslog is used.
#
# Mandatory: no
# Default:
# LogFile=

LogFile=/var/log/zabbix/zabbix_server.log

### Option: LogFileSize
#       Maximum size of log file in MB.
#       0 - disable automatic log rotation.
#
# Mandatory: no
# Range: 0-1024
# Default:
# LogFileSize=1

LogFileSize=0

### Option: DebugLevel
#       Specifies debug level
#       0 - basic information about starting and stopping of Zabbix processes
#       1 - critical information
#       2 - error information
#       3 - warnings
#       4 - for debugging (produces lots of information)
#
# Mandatory: no
# Range: 0-4
# Default:
# DebugLevel=3

### Option: PidFile
#       Name of PID file.
#
# Mandatory: no
# Default:
# PidFile=/tmp/zabbix_server.pid

PidFile=/var/run/zabbix/zabbix_server.pid

### Option: DBHost
#       Database host name.
#       If set to localhost, socket is used for MySQL.
#       If set to empty string, socket is used for PostgreSQL.
#
# Mandatory: no
# Default:
DBHost=localhost

### Option: DBName
#       Database name.
#       For SQLite3 path to database file must be provided. DBUser and DBPassword are ignored.
#
# Mandatory: yes
# Default:
# DBName=

DBName=zabbix

### Option: DBSchema
#       Schema name. Used for IBM DB2 and PostgreSQL.
#
# Mandatory: no
# Default:
# DBSchema=

### Option: DBUser
#       Database user. Ignored for SQLite.
#
# Mandatory: no
# Default:
# DBUser=

DBUser=zabbix

### Option: DBPassword
#       Database password. Ignored for SQLite.
#       Comment this line if no password is used.
#
# Mandatory: no
# Default:
DBPassword=zabbixdatabasepasword

### Option: DBSocket
#       Path to MySQL socket.
#
# Mandatory: no
# Default:
# DBSocket=/tmp/mysql.sock

DBSocket=/var/lib/mysql/mysql.sock

### Option: DBPort
#       Database port when not using local socket. Ignored for SQLite.
#
# Mandatory: no
# Range: 1024-65535
# Default (for MySQL):
# DBPort=3306

############ ADVANCED PARAMETERS ################

### Option: StartPollers
#       Number of pre-forked instances of pollers.
#
# Mandatory: no
# Range: 0-1000
# Default:
# StartPollers=5

### Option: StartIPMIPollers
#       Number of pre-forked instances of IPMI pollers.
#
# Mandatory: no
# Range: 0-1000
# Default:
# StartIPMIPollers=0

### Option: StartPollersUnreachable
#       Number of pre-forked instances of pollers for unreachable hosts (including IPMI and Java).
#       At least one poller for unreachable hosts must be running if regular, IPMI or Java pollers
#       are started.
#
# Mandatory: no
# Range: 0-1000
# Default:
# StartPollersUnreachable=1

### Option: StartTrappers
#       Number of pre-forked instances of trappers.
#       Trappers accept incoming connections from Zabbix sender, active agents and active proxies.
#       At least one trapper process must be running to display server availability and view queue
#       in the frontend.
#
# Mandatory: no
# Range: 0-1000
# Default:
# StartTrappers=5

### Option: StartPingers
#       Number of pre-forked instances of ICMP pingers.
#
# Mandatory: no
# Range: 0-1000
# Default:
# StartPingers=1

### Option: StartDiscoverers
#       Number of pre-forked instances of discoverers.
#
# Mandatory: no
# Range: 0-250
# Default:
# StartDiscoverers=1

### Option: StartHTTPPollers
#       Number of pre-forked instances of HTTP pollers.
#
# Mandatory: no
# Range: 0-1000
# Default:
# StartHTTPPollers=1

### Option: StartTimers
#       Number of pre-forked instances of timers.
#       Timers process time-based trigger functions and maintenance periods.
#       Only the first timer process handles the maintenance periods.
#
# Mandatory: no
# Range: 1-1000
# Default:
# StartTimers=1

### Option: JavaGateway
#       IP address (or hostname) of Zabbix Java gateway.
#       Only required if Java pollers are started.
#
# Mandatory: no
# Default:
# JavaGateway=

### Option: JavaGatewayPort
#       Port that Zabbix Java gateway listens on.
#
# Mandatory: no
# Range: 1024-32767
# Default:
# JavaGatewayPort=10052

### Option: StartJavaPollers
#       Number of pre-forked instances of Java pollers.
#
# Mandatory: no
# Range: 0-1000
# Default:
# StartJavaPollers=0

### Option: StartVMwareCollectors
#       Number of pre-forked vmware collector instances.
#
# Mandatory: no
# Range: 0-250
# Default:
# StartVMwareCollectors=0

### Option: VMwareFrequency
#       How often Zabbix will connect to VMware service to obtain a new data.
#
# Mandatory: no
# Range: 10-86400
# Default:
# VMwareFrequency=60

### Option: VMwareCacheSize
#       Size of VMware cache, in bytes.
#       Shared memory size for storing VMware data.
#       Only used if VMware collectors are started.
#
# Mandatory: no
# Range: 256K-2G
# Default:
# VMwareCacheSize=8M

### Option: SNMPTrapperFile
#       Temporary file used for passing data from SNMP trap daemon to the server.
#       Must be the same as in zabbix_trap_receiver.pl or SNMPTT configuration file.
#
# Mandatory: no
# Default:
# SNMPTrapperFile=/tmp/zabbix_traps.tmp

SNMPTrapperFile=/var/log/snmptt/snmptt.log

### Option: StartSNMPTrapper
#       If 1, SNMP trapper process is started.
#
# Mandatory: no
# Range: 0-1
# Default:
# StartSNMPTrapper=0

### Option: ListenIP
#       List of comma delimited IP addresses that the trapper should listen on.
#       Trapper will listen on all network interfaces if this parameter is missing.
#
# Mandatory: no
# Default:
# ListenIP=0.0.0.0

# ListenIP=127.0.0.1

### Option: HousekeepingFrequency
#       How often Zabbix will perform housekeeping procedure (in hours).
#       Housekeeping is removing outdated information from the database.
#       To prevent Housekeeper from being overloaded, no more than 4 times HousekeepingFrequency
#       hours of outdated information are deleted in one housekeeping cycle, for each item.
#       To lower load on server startup housekeeping is postponed for 30 minutes after server start.
#
# Mandatory: no
# Range: 1-24
# Default:
# HousekeepingFrequency=1

### Option: MaxHousekeeperDelete
#       The table "housekeeper" contains "tasks" for housekeeping procedure in the format:
#       [housekeeperid], [tablename], [field], [value].
#       No more than 'MaxHousekeeperDelete' rows (corresponding to [tablename], [field], [value])
#       will be deleted per one task in one housekeeping cycle.
#       SQLite3 does not use this parameter, deletes all corresponding rows without a limit.
#       If set to 0 then no limit is used at all. In this case you must know what you are doing!
#
# Mandatory: no
# Range: 0-1000000
# Default:
# MaxHousekeeperDelete=500

### Option: SenderFrequency
#       How often Zabbix will try to send unsent alerts (in seconds).
#
# Mandatory: no
# Range: 5-3600
# Default:
# SenderFrequency=30

### Option: CacheSize
#       Size of configuration cache, in bytes.
#       Shared memory size for storing host, item and trigger data.
#
# Mandatory: no
# Range: 128K-8G
# Default:
# CacheSize=8M

### Option: CacheUpdateFrequency
#       How often Zabbix will perform update of configuration cache, in seconds.
#
# Mandatory: no
# Range: 1-3600
# Default:
# CacheUpdateFrequency=60

### Option: StartDBSyncers
#       Number of pre-forked instances of DB Syncers
#
# Mandatory: no
# Range: 1-100
# Default:
# StartDBSyncers=4

### Option: HistoryCacheSize
#       Size of history cache, in bytes.
#       Shared memory size for storing history data.
#
# Mandatory: no
# Range: 128K-2G
# Default:
# HistoryCacheSize=8M

### Option: TrendCacheSize
#       Size of trend cache, in bytes.
#       Shared memory size for storing trends data.
#
# Mandatory: no
# Range: 128K-2G
# Default:
# TrendCacheSize=4M

### Option: HistoryTextCacheSize
#       Size of text history cache, in bytes.
#       Shared memory size for storing character, text or log history data.
#
# Mandatory: no
# Range: 128K-2G
# Default:
# HistoryTextCacheSize=16M

### Option: ValueCacheSize
#       Size of history value cache, in bytes.
#       Shared memory size for caching item history data requests.
#       Setting to 0 disables value cache.
#
# Mandatory: no
# Range: 0,128K-64G
# Default:
# ValueCacheSize=8M

### Option: Timeout
#       Specifies how long we wait for agent, SNMP device or external check (in seconds).
#
# Mandatory: no
# Range: 1-30
# Default:
# Timeout=3

### Option: TrapperTimeout
#       Specifies how many seconds trapper may spend processing new data.
#
# Mandatory: no
# Range: 1-300
# Default:
# TrapperTimeout=300

### Option: UnreachablePeriod
#       After how many seconds of unreachability treat a host as unavailable.
#
# Mandatory: no
# Range: 1-3600
# Default:
# UnreachablePeriod=45

### Option: UnavailableDelay
#       How often host is checked for availability during the unavailability period, in seconds.
#
# Mandatory: no
# Range: 1-3600
# Default:
# UnavailableDelay=60

### Option: UnreachableDelay
#       How often host is checked for availability during the unreachability period, in seconds.
#
# Mandatory: no
# Range: 1-3600
# Default:
# UnreachableDelay=15

### Option: AlertScriptsPath
#       Full path to location of custom alert scripts.
#       Default depends on compilation options.
#
# Mandatory: no
# Default:
# AlertScriptsPath=${datadir}/zabbix/alertscripts

AlertScriptsPath=/usr/lib/zabbix/alertscripts

### Option: ExternalScripts
#       Full path to location of external scripts.
#       Default depends on compilation options.
#
# Mandatory: no
# Default:
# ExternalScripts=${datadir}/zabbix/externalscripts

ExternalScripts=/usr/lib/zabbix/externalscripts

### Option: FpingLocation
#       Location of fping.
#       Make sure that fping binary has root ownership and SUID flag set.
#
# Mandatory: no
# Default:
# FpingLocation=/usr/sbin/fping

### Option: Fping6Location
#       Location of fping6.
#       Make sure that fping6 binary has root ownership and SUID flag set.
#       Make empty if your fping utility is capable to process IPv6 addresses.
#
# Mandatory: no
# Default:
# Fping6Location=/usr/sbin/fping6

### Option: SSHKeyLocation
#       Location of public and private keys for SSH checks and actions.
#
# Mandatory: no
# Default:
# SSHKeyLocation=

### Option: LogSlowQueries
#       How long a database query may take before being logged (in milliseconds).
#       Only works if DebugLevel set to 3 or 4.
#       0 - don't log slow queries.
#
# Mandatory: no
# Range: 1-3600000
# Default:
# LogSlowQueries=0

### Option: TmpDir
#       Temporary directory.
#
# Mandatory: no
# Default:
# TmpDir=/tmp

### Option: StartProxyPollers
#       Number of pre-forked instances of pollers for passive proxies.
#
# Mandatory: no
# Range: 0-250
# Default:
# StartProxyPollers=1

### Option: ProxyConfigFrequency
#       How often Zabbix Server sends configuration data to a Zabbix Proxy in seconds.
#       This parameter is used only for proxies in the passive mode.
#
# Mandatory: no
# Range: 1-3600*24*7
# Default:
# ProxyConfigFrequency=3600

### Option: ProxyDataFrequency
#       How often Zabbix Server requests history data from a Zabbix Proxy in seconds.
#       This parameter is used only for proxies in the passive mode.
#
# Mandatory: no
# Range: 1-3600
# Default:
# ProxyDataFrequency=1

### Option: AllowRoot
#       Allow the server to run as 'root'. If disabled and the server is started by 'root', the server
#       will try to switch to the user specified by the User configuration option instead.
#       Has no effect if started under a regular user.
#       0 - do not allow
#       1 - allow
#
# Mandatory: no
# Default:
# AllowRoot=0

### Option: User
#       Drop privileges to a specific, existing user on the system.
#       Only has effect if run as 'root' and AllowRoot is disabled.
#
# Mandatory: no
# Default:
# User=zabbix

### Option: Include
#       You may include individual files or all files in a directory in the configuration file.
#       Installing Zabbix will create include directory in /usr/local/etc, unless modified during the compile time.
#
# Mandatory: no
# Default:
# Include=

# Include=/usr/local/etc/zabbix_server.general.conf
# Include=/usr/local/etc/zabbix_server.conf.d/
# Include=/usr/local/etc/zabbix_server.conf.d/*.conf

### Option: SSLCertLocation
#       Location of SSL client certificates.
#       This parameter is used only in web monitoring.
#
# Mandatory: no
# Default:
# SSLCertLocation=${datadir}/zabbix/ssl/certs

### Option: SSLKeyLocation
#       Location of private keys for SSL client certificates.
#       This parameter is used only in web monitoring.
#
# Mandatory: no
# Default:
# SSLKeyLocation=${datadir}/zabbix/ssl/keys

### Option: SSLCALocation
#       Override the location of certificate authority (CA) files for SSL server certificate verification.
#       If not set, system-wide directory will be used.
#       This parameter is used only in web monitoring.
#
# Mandatory: no
# Default:
# SSLCALocation=

####### LOADABLE MODULES #######

### Option: LoadModulePath
#       Full path to location of server modules.
#       Default depends on compilation options.
#
# Mandatory: no
# Default:
# LoadModulePath=${libdir}/modules

### Option: LoadModule
#       Module to load at server startup. Modules are used to extend functionality of the server.
#       Format: LoadModule=<module.so>
#       The modules must be located in directory specified by LoadModulePath.
#       It is allowed to include multiple LoadModule parameters.
#
# Mandatory: no
# Default:
# LoadModule=

 

it's time to start our service and leave it enabled


service zabbix-server start
chkconfig zabbix-server on
setsebool -P zabbix_can_network 1

Step 5: Configure nginx and php-fpm server

We need to install several packages and open port 80 (http)


yum -y install nginx php-common php-fpm
/sbin/iptables -A INPUT -i eth0 -p tcp --destination-port 80 -j ACCEPT
service iptables save
chkconfig nginx on
chkconfig php-fpm on
service nginx start
service php-fpm start

open a web browser and enter your zabbix IP; you should see a page like this

[image: nginx welcome page]

we need to adjust some php values


vim /etc/php.ini

change these values


max_execution_time = 300

max_input_time = 300
post_max_size = 16M

date.timezone = Europe/Madrid

cgi.fix_pathinfo=1

if you don’t live in Spain, here is a list of timezones: http://php.net/manual/en/timezones.php

next step is to add the zabbix domain to nginx


vim /etc/nginx/conf.d/zabbix.conf

the file should look like this


server {
    server_name zabbix.example.org;

    root        /var/www/zabbix;
    index       index.html index.php;
    access_log  /var/log/nginx/access_zabbix.log main;
    error_log   /var/log/nginx/error_zabbix.log error;

    location ~ \.php {
        # return 404 unless the requested script exists on disk
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        #fastcgi_intercept_errors on;
        # socket of the php-fpm 'zabbix' pool
        fastcgi_pass    unix:/var/run/php-zabbix.socket;
        fastcgi_index   index.php;
        fastcgi_param   SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

}

The next step is to configure a Zabbix pool in php-fpm.


 mkdir /var/lib/php/zabbix_php-fpm

chmod 770 /var/lib/php/zabbix_php-fpm/

chown root:nginx /var/lib/php/zabbix_php-fpm/

 vim /etc/php-fpm.d/zabbix.conf

 

The config file should look like this:


; Start a new pool named 'zabbix'.
[zabbix]

; The address on which to accept FastCGI requests.
; Valid syntaxes are:
;   'ip.add.re.ss:port'    - to listen on a TCP socket to a specific address on
;                            a specific port;
;   'port'                 - to listen on a TCP socket to all addresses on a
;                            specific port;
;   '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
listen = /var/run/php-zabbix.socket

; Set listen(2) backlog. A value of '-1' means unlimited.
; Default Value: -1
;listen.backlog = -1

; List of ipv4 addresses of FastCGI clients which are allowed to connect.
; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
; must be separated by a comma. If this value is left blank, connections will be
; accepted from any ip address.
; Default Value: any
;listen.allowed_clients = 127.0.0.1

; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions.
; Default Values: user and group are set as the running user
;                 mode is set to 0666
listen.owner = nginx
listen.group = nginx
listen.mode = 0666

; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
;       will be used.
; RPM: apache Choosed to be able to access some dir as httpd
user = nginx
; RPM: Keep a group allowed to write in log dir.
group = nginx

; Choose how the process manager will control the number of child processes.
; Possible Values:
;   static  - a fixed number (pm.max_children) of child processes;
;   dynamic - the number of child processes are set dynamically based on the
;             following directives:
;             pm.max_children      - the maximum number of children that can
;                                    be alive at the same time.
;             pm.start_servers     - the number of children created on startup.
;             pm.min_spare_servers - the minimum number of children in 'idle'
;                                    state (waiting to process). If the number
;                                    of 'idle' processes is less than this
;                                    number then some children will be created.
;             pm.max_spare_servers - the maximum number of children in 'idle'
;                                    state (waiting to process). If the number
;                                    of 'idle' processes is greater than this
;                                    number then some children will be killed.
; Note: This value is mandatory.
pm = dynamic

; The number of child processes to be created when pm is set to 'static' and the
; maximum number of child processes to be created when pm is set to 'dynamic'.
; This value sets the limit on the number of simultaneous requests that will be
; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
; CGI.
; Note: Used when pm is set to either 'static' or 'dynamic'
; Note: This value is mandatory.
pm.max_children = 50

; The number of child processes created on startup.
; Note: Used only when pm is set to 'dynamic'
; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
pm.start_servers = 5

; The desired minimum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.min_spare_servers = 5

; The desired maximum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.max_spare_servers = 35

; The number of requests each child process should execute before respawning.
; This can be useful to work around memory leaks in 3rd party libraries. For
; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
; Default Value: 0
;pm.max_requests = 500

; The URI to view the FPM status page. If this value is not set, no URI will be
; recognized as a status page. By default, the status page shows the following
; information:
;   accepted conn    - the number of request accepted by the pool;
;   pool             - the name of the pool;
;   process manager  - static or dynamic;
;   idle processes   - the number of idle processes;
;   active processes - the number of active processes;
;   total processes  - the number of idle + active processes.
; The values of 'idle processes', 'active processes' and 'total processes' are
; updated each second. The value of 'accepted conn' is updated in real time.
; Example output:
;   accepted conn:   12073
;   pool:             www
;   process manager:  static
;   idle processes:   35
;   active processes: 65
;   total processes:  100
; By default the status page output is formatted as text/plain. Passing either
; 'html' or 'json' as a query string will return the corresponding output
; syntax. Example:
;  
;  
;  
; Note: The value must start with a leading slash (/). The value can be
;       anything, but it may not be a good idea to use the .php extension or it
;       may conflict with a real PHP file.
; Default Value: not set
;pm.status_path = /status

; The ping URI to call the monitoring page of FPM. If this value is not set, no
; URI will be recognized as a ping page. This could be used to test from outside
; that FPM is alive and responding, or to
; - create a graph of FPM availability (rrd or such);
; - remove a server from a group if it is not responding (load balancing);
; - trigger alerts for the operating team (24/7).
; Note: The value must start with a leading slash (/). The value can be
;       anything, but it may not be a good idea to use the .php extension or it
;       may conflict with a real PHP file.
; Default Value: not set
;ping.path = /ping

; This directive may be used to customize the response of a ping request. The
; response is formatted as text/plain with a 200 response code.
; Default Value: pong
;ping.response = pong

; The timeout for serving a single request after which the worker process will
; be killed. This option should be used when the 'max_execution_time' ini option
; does not stop script execution for some reason. A value of '0' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_terminate_timeout = 0

; The timeout for serving a single request after which a PHP backtrace will be
; dumped to the 'slowlog' file. A value of '0s' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_slowlog_timeout = 0

; The log file for slow requests
; Default Value: not set
; Note: slowlog is mandatory if request_slowlog_timeout is set
slowlog = /var/log/php-fpm/zabbix-slow.log

; Set open file descriptor rlimit.
; Default Value: system defined value
;rlimit_files = 1024

; Set max core size rlimit.
; Possible Values: 'unlimited' or an integer greater or equal to 0
; Default Value: system defined value
;rlimit_core = 0

; Chroot to this directory at the start. This value must be defined as an
; absolute path. When this value is not set, chroot is not used.
; Note: chrooting is a great security feature and should be used whenever
;       possible. However, all PHP paths will be relative to the chroot
;       (error_log, sessions.save_path, ...).
; Default Value: not set
;chroot =

; Chdir to this directory at the start. This value must be an absolute path.
; Default Value: current directory or / when chroot
;chdir = /var/www

; Redirect worker stdout and stderr into main error log. If not set, stdout and
; stderr will be redirected to /dev/null according to FastCGI specs.
; Default Value: no
catch_workers_output = yes

; Limits the extensions of the main script FPM will allow to parse. This can
; prevent configuration mistakes on the web server side. You should only limit
; FPM to .php extensions to prevent malicious users to use other extensions to
; exectute php code.
; Note: set an empty value to allow all extensions.
; Default Value: .php
security.limit_extensions = .php .php3 .php4 .php5

; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
; the current environment.
; Default Value: clean env
;env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp

; Additional php.ini defines, specific to this pool of workers. These settings
; overwrite the values previously defined in the php.ini. The directives are the
; same as the PHP SAPI:
;   php_value/php_flag             - you can set classic ini defines which can
;                                    be overwritten from PHP call 'ini_set'.
;   php_admin_value/php_admin_flag - these directives won't be overwritten by
;                                     PHP call 'ini_set'
; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.

; Defining 'extension' will load the corresponding shared extension from
; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
; overwrite previously defined php.ini values, but will append the new value
; instead.

; Default Value: nothing is defined by default except the values in php.ini and
;                specified at startup with the -d argument
;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
;php_flag[display_errors] = off
php_admin_value[error_log] = /var/log/php-fpm/zabbix-error.log
php_admin_flag[log_errors] = on
;php_admin_value[memory_limit] = 128M

; Set session path to a directory owned by process user
php_value[session.save_handler] = files
php_value[session.save_path] =  /var/lib/php/zabbix_php-fpm/

 

It's time to change permissions so that nginx can access the Zabbix files.

chown nginx:nginx /etc/zabbix/web/
ln -s /usr/share/zabbix /var/www/
service php-fpm restart
service nginx restart
setsebool -P httpd_can_network_connect  on
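
A way to check the three files edited in this step before opening the site, as an added example that is not part of the original post. It reads cgi.fix_pathinfo, the try_files guard in the PHP location, security.limit_extensions and listen.mode, and prints what it finds; the function names and the sample files it writes are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes one directive per line
# and no nested blocks inside "location", as in the files shown in this guide.

# ini_get FILE KEY: last uncommented value of KEY (php.ini / pool syntax).
ini_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# Each check prints one finding per line and nothing when it passes.
check_php_ini() {
    fix=$(ini_get "$1" cgi.fix_pathinfo)
    fix=${fix:-1}    # PHP's built-in default when the directive is absent
    [ "$fix" = 0 ] ||
        echo "php.ini: cgi.fix_pathinfo=$fix, so nginx must confirm the script exists"
}

check_nginx() {
    awk '
        /^[ \t]*#/ { next }
        /^[ \t]*location[ \t]/ {
            inloc = 1; pass = 0; guard = 0; name = $0
            sub(/^[ \t]+/, "", name); sub(/[ \t]*[{][ \t]*$/, "", name)
            next
        }
        inloc && /fastcgi_pass[ \t]/ { pass = 1 }
        inloc && /try_files[ \t]+\$uri[ \t]+=404[ \t]*;/ { guard = 1 }
        inloc && index($0, "}") {
            if (pass && !guard)
                print "nginx: \"" name "\" passes to PHP without try_files $uri =404"
            inloc = 0
        }
    ' "$1"
}

check_pool() (
    set -f    # no globbing while splitting the extension list
    ext=$(ini_get "$1" security.limit_extensions)
    if grep -Eq '^[[:space:]]*security\.limit_extensions[[:space:]]*=' "$1" &&
        [ -z "$ext" ]; then
        echo "pool: security.limit_extensions is empty, every extension is parsed"
    fi
    for e in $ext; do
        case $e in
            .php | .php[0-9]) ;;
            *) echo "pool: security.limit_extensions allows $e" ;;
        esac
    done
    mode=$(ini_get "$1" listen.mode)
    mode=${mode:-0666}    # default stated in the pool file's own comments
    case $mode in
        *[2367]) echo "pool: listen.mode=$mode lets any local account write to the FPM socket" ;;
    esac
)

# audit PHP_INI NGINX_CONF POOL_CONF: print all findings, status 1 if any.
audit() {
    audit_out=$(check_php_ini "$1"; check_nginx "$2"; check_pool "$3")
    if [ -n "$audit_out" ]; then printf '%s\n' "$audit_out"; return 1; fi
}

# write_samples DIR: constructed copies of the settings used in this guide.
write_samples() {
    printf '%s\n' 'max_execution_time = 300' 'cgi.fix_pathinfo=1' > "$1/php.ini"
    cat > "$1/nginx.conf" <<'EOF'
server {
    server_name zabbix.example.org;
    root        /var/www/zabbix;
    location ~ \.php {
        include fastcgi_params;
        try_files $uri =404;
        fastcgi_pass unix:/var/run/php-zabbix.socket;
    }
}
EOF
    cat > "$1/pool.conf" <<'EOF'
[zabbix]
listen = /var/run/php-zabbix.socket
listen.owner = nginx
listen.group = nginx
listen.mode = 0666
security.limit_extensions = .php .php3 .php4 .php5
EOF
}

demo() {
    d=$(mktemp -d) || return 1
    write_samples "$d"
    audit "$d/php.ini" "$d/nginx.conf" "$d/pool.conf" || echo "review the findings above"
    rm -rf "$d"
}
demo
```

To audit the live system, call audit /etc/php.ini /etc/nginx/conf.d/zabbix.conf /etc/php-fpm.d/zabbix.conf instead of demo.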

 

Open a web browser pointing to your domain and you should see this screen:

zabbix installation screen

Follow the on-screen instructions and enjoy your new monitoring service.

I also advise restarting your server to check that everything still works after a power outage or another problem.

Websites I took information from:

creating a mysql  backup user — http://bencane.com/2011/12/12/creating-a-read-only-backup-user-for-mysqldump/

Zabbix with nginx  — http://qiita.com/ksworks/items/911561ef22687a13a70c

Nginx php-fpm secure — https://nealpoole.com/blog/2011/04/setting-up-php-fastcgi-and-nginx-dont-trust-the-tutorials-check-your-configuration/

 

Enable ssh access on an Iomega ix4-200d

If you need to enable ssh access on your NAS device, it is easy.

For example, if your NAS IP is 192.168.0.24, open a web browser at https://192.168.0.24/supportaccess.html

ix4-200d enable ssh

Mark "Allow remote access for support (SSH and SFTP)".

Click Apply and the Iomega ix4-200d will reboot.

To access it over ssh you need to add the soho prefix to your password. For example, if your admin password is peter, your ssh password will be sohopeter.

Centos 7 recover grub

I use an old computer for testing purposes at home. One problem with grub is that when you install a Windows system it removes grub and you can't access your Centos 7 system.

Reinstalling grub is really easy.

step 1.

Boot your computer from a DVD or flash drive with the Centos 7 install disk

step 2.

Select the troubleshooting menu

Centos 7 boot troubleshooting

step 3.

Select rescue a Centos system

centos 7 rescue a centos system

step 4.

When the boot process asks you how to mount the system, select continue and it gives you access to a shell.

Centos 7 grub recover

Write

grub2-install --root-directory=/mnt/sysimage/ /dev/sda

and then reboot

Enjoy

 

Installing PureFtpd in Centos6.x with virtual users

If you need to create virtual users on your ftp server and need features like mapping your users against a database table, automatic user folder creation and more, vsftpd doesn't fit very well. In one of my adventures as a sysadmin I needed to set up an ftp server with virtual users. Here are the steps that I followed to get this.

Step 1: Enable epel repos

rpm -i http://ftp.cica.es/epel/6/x86_64/epel-release-6-8.noarch.rpm

Step 2: Install required packages.

yum install pure-ftpd pure-ftpd-selinux mysql-server ftp

Step 3: Enable Services

chkconfig  mysqld on

chkconfig pure-ftpd on

service mysqld start

service pure-ftpd start

Step 4: Create system user where virtual users will be stored

groupadd ftpgroup

useradd ftpusers

usermod  -g ftpgroup ftpusers

usermod -s /sbin/nologin ftpusers

Step 5: Create Mysql user and database

mysql -u root -p

CREATE DATABASE pureftpd;

GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP ON pureftpd.* TO 'pureftpd'@'localhost' IDENTIFIED BY 'ftpdpass';

GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP ON pureftpd.* TO 'pureftpd'@'localhost.localdomain' IDENTIFIED BY 'ftpdpass';

FLUSH PRIVILEGES;

USE pureftpd;

CREATE TABLE ftpd (
  User varchar(16) NOT NULL default '',
  status enum('0','1') NOT NULL default '0',
  Password varchar(64) NOT NULL default '',
  Uid varchar(11) NOT NULL default '-1',
  Gid varchar(11) NOT NULL default '-1',
  Dir varchar(128) NOT NULL default '',
  ULBandwidth smallint(5) NOT NULL default '0',
  DLBandwidth smallint(5) NOT NULL default '0',
  comment tinytext NOT NULL,
  ipaccess varchar(15) NOT NULL default '*',
  QuotaSize smallint(5) NOT NULL default '0',
  QuotaFiles int(11) NOT NULL default 0,
  PRIMARY KEY (User),
  UNIQUE KEY User (User)
) ENGINE=InnoDB;

quit;

Step 6: Configure PureFTPD

vi /etc/pure-ftpd/pure-ftpd.conf

Should be similar to this content:

############################################################
#                                                          #
#         Configuration file for pure-ftpd wrappers        #
#                                                          #
############################################################

# If you want to run Pure-FTPd with this configuration
# instead of command-line options, please run the
# following command :
#
# /usr/sbin/pure-config.pl /etc/pure-ftpd/pure-ftpd.conf
#
# Please don’t forget to have a look at documentation at
# http://www.pureftpd.org/documentation.shtml for a complete list of
# options.

# Cage in every user in his home directory

ChrootEveryone              yes

# If the previous option is set to “no”, members of the following group
# won’t be caged. Others will be. If you don’t want chroot()ing anyone,
# just comment out ChrootEveryone and TrustedGID.

# TrustedGID                    100

# Turn on compatibility hacks for broken clients

BrokenClientsCompatibility  no

# Maximum number of simultaneous users

MaxClientsNumber            50

# Fork in background

Daemonize                   yes

# Maximum number of sim clients with the same IP address

MaxClientsPerIP             8

# If you want to log all client commands, set this to “yes”.
# This directive can be duplicated to also log server responses.

VerboseLog                  yes

# List dot-files even when the client doesn’t send “-a”.

DisplayDotFiles             yes

# Don’t allow authenticated users – have a public anonymous FTP only.

AnonymousOnly               no

# Disallow anonymous connections. Only allow authenticated users.

NoAnonymous                 yes

# Syslog facility (auth, authpriv, daemon, ftp, security, user, local*)
# The default facility is “ftp”. “none” disables logging.

SyslogFacility              ftp

# Display fortune cookies

# FortunesFile              /usr/share/fortune/zippy

# Don’t resolve host names in log files. Logs are less verbose, but
# it uses less bandwidth. Set this to “yes” on very busy servers or
# if you don’t have a working DNS.

DontResolve                 yes

# Maximum idle time in minutes (default = 15 minutes)

MaxIdleTime                 15

# LDAP configuration file (see README.LDAP)

# LDAPConfigFile                /etc/pure-ftpd/pureftpd-ldap.conf

# MySQL configuration file (see README.MySQL)

MySQLConfigFile               /etc/pure-ftpd/pureftpd-mysql.conf

# Postgres configuration file (see README.PGSQL)

# PGSQLConfigFile               /etc/pure-ftpd/pureftpd-pgsql.conf

# PureDB user database (see README.Virtual-Users)

# PureDB                        /etc/pure-ftpd/pureftpd.pdb

# Path to pure-authd socket (see README.Authentication-Modules)

# ExtAuth                       /var/run/ftpd.sock

# If you want to enable PAM authentication, uncomment the following line

PAMAuthentication             yes

# If you want simple Unix (/etc/passwd) authentication, uncomment this

# UnixAuthentication            yes

# Please note that LDAPConfigFile, MySQLConfigFile, PAMAuthentication and
# UnixAuthentication can be used only once, but they can be combined
# together. For instance, if you use MySQLConfigFile, then UnixAuthentication,
# the SQL server will be asked. If the SQL authentication fails because the
# user wasn’t found, another try # will be done with /etc/passwd and
# /etc/shadow. If the SQL authentication fails because the password was wrong,
# the authentication chain stops here. Authentication methods are chained in
# the order they are given.

# ‘ls’ recursion limits. The first argument is the maximum number of
# files to be displayed. The second one is the max subdirectories depth

LimitRecursion              10000 8

# Are anonymous users allowed to create new directories ?

AnonymousCanCreateDirs      no

# If the system is more loaded than the following value,
# anonymous users aren’t allowed to download.

MaxLoad                     4

# Port range for passive connections replies. - for firewalling.

# PassivePortRange          30000 50000

# Force an IP address in PASV/EPSV/SPSV replies. - for NAT.
# Symbolic host names are also accepted for gateways with dynamic IP
# addresses.

# ForcePassiveIP                192.168.0.1

# Upload/download ratio for anonymous users.

# AnonymousRatio                1 10

# Upload/download ratio for all users.
# This directive superscedes the previous one.

# UserRatio                 1 10

# Disallow downloading of files owned by “ftp”, ie.
# files that were uploaded but not validated by a local admin.

AntiWarez                   yes

# IP address/port to listen to (default=all IP and port 21).

# Bind                      127.0.0.1,21

# Maximum bandwidth for anonymous users in KB/s

# AnonymousBandwidth            8

# Maximum bandwidth for *all* users (including anonymous) in KB/s
# Use AnonymousBandwidth *or* UserBandwidth, both makes no sense.

# UserBandwidth             8

# File creation mask. <umask for files>:<umask for dirs> .
# 177:077 if you feel paranoid.

Umask                       133:022

# Minimum UID for an authenticated user to log in.

MinUID                      500

# Do not use the /etc/ftpusers file to disable accounts. We’re already
# using MinUID to block users with uid < 500

UseFtpUsers no

# Allow FXP transfers for authenticated users.

AllowUserFXP                no

# Allow anonymous FXP for anonymous and non-anonymous users.

AllowAnonymousFXP           no

# Users can’t delete/write files beginning with a dot (‘.’)
# even if they own them. If TrustedGID is enabled, this group
# will have access to dot-files, though.

ProhibitDotFilesWrite       no

# Prohibit *reading* of files beginning with a dot (.history, .ssh…)

ProhibitDotFilesRead        no

# Never overwrite files. When a file whoose name already exist is uploaded,
# it get automatically renamed to file.1, file.2, file.3, …

AutoRename                  no

# Disallow anonymous users to upload new files (no = upload is allowed)

AnonymousCantUpload         yes

# Only connections to this specific IP address are allowed to be
# non-anonymous. You can use this directive to open several public IPs for
# anonymous FTP, and keep a private firewalled IP for remote administration.
# You can also only allow a non-routable local IP (like 10.x.x.x) to
# authenticate, and keep a public anon-only FTP server on another IP.

#TrustedIP                  10.1.1.1

# If you want to add the PID to every logged line, uncomment the following
# line.

#LogPID                     yes

# Create an additional log file with transfers logged in a Apache-like format :
# fw.c9x.org - jedi [13/Dec/1975:19:36:39] "GET /ftp/linux.tar.bz2" 200 21809338
# This log file can then be processed by www traffic analyzers.

AltLog                     clf:/var/log/pureftpd.log

# Create an additional log file with transfers logged in a format optimized
# for statistic reports.

# AltLog                     stats:/var/log/pureftpd.log

# Create an additional log file with transfers logged in the standard W3C
# format (compatible with most commercial log analyzers)

# AltLog                     w3c:/var/log/pureftpd.log

# Disallow the CHMOD command. Users can’t change perms of their files.

#NoChmod                     yes

# Allow users to resume and upload files, but *NOT* to delete them.

#KeepAllFiles                yes

# Automatically create home directories if they are missing

CreateHomeDir               yes

# Enable virtual quotas. The first number is the max number of files.
# The second number is the max size of megabytes.
# So 1000:10 limits every user to 1000 files and 10 Mb.

#Quota                       1000:10

# If your pure-ftpd has been compiled with standalone support, you can change
# the location of the pid file. The default is /var/run/pure-ftpd.pid

#PIDFile                     /var/run/pure-ftpd.pid

# If your pure-ftpd has been compiled with pure-uploadscript support,
# this will make pure-ftpd write info about new uploads to
# /var/run/pure-ftpd.upload.pipe so pure-uploadscript can read it and
# spawn a script to handle the upload.
# Don’t enable this option if you don’t actually use pure-uploadscript.

#CallUploadScript yes

# This option is useful with servers where anonymous upload is
# allowed. As /var/ftp is in /var, it save some space and protect
# the log files. When the partition is more that X percent full,
# new uploads are disallowed.

MaxDiskUsage               99

# Set to ‘yes’ if you don’t want your users to rename files.

#NoRename                  yes

# Be ‘customer proof’ : workaround against common customer mistakes like
# ‘chmod 0 public_html’, that are valid, but that could cause ignorant
# customers to lock their files, and then keep your technical support busy
# with silly issues. If you’re sure all your users have some basic Unix
# knowledge, this feature is useless. If you’re a hosting service, enable it.

CustomerProof              yes

# Per-user concurrency limits. It will only work if the FTP server has
# been compiled with --with-peruserlimits (and this is the case on
# most binary distributions) .
# The format is : <max sessions per user>:<max anonymous sessions>
# For instance, 3:20 means that the same authenticated user can have 3 active
# sessions max. And there are 20 anonymous sessions max.

# PerUserLimits            3:20

# When a file is uploaded and there is already a previous version of the file
# with the same name, the old file will neither get removed nor truncated.
# Upload will take place in a temporary file and once the upload is complete,
# the switch to the new version will be atomic. For instance, when a large PHP
# script is being uploaded, the web server will still serve the old version and
# immediatly switch to the new one as soon as the full file will have been
# transfered. This option is incompatible with virtual quotas.

# NoTruncate               yes

# This option can accept three values :
# 0 : disable SSL/TLS encryption layer (default).
# 1 : accept both traditional and encrypted sessions.
# 2 : refuse connections that don’t use SSL/TLS security mechanisms,
#     including anonymous sessions.
# Do _not_ uncomment this blindly. Be sure that :
# 1) Your server has been compiled with SSL/TLS support (--with-tls),
# 2) A valid certificate is in place,
# 3) Only compatible clients will log in.

# TLS                      1

# Listen only to IPv4 addresses in standalone mode (ie. disable IPv6)
# By default, both IPv4 and IPv6 are enabled.

# IPV4Only                 yes

# Listen only to IPv6 addresses in standalone mode (ie. disable IPv4)
# By default, both IPv4 and IPv6 are enabled.

# IPV6Only                 yes

# UTF-8 support for file names (RFC 2640)
# Define charset of the server filesystem and optionnally the default charset
# for remote clients if they don’t use UTF-8.
# Works only if pure-ftpd has been compiled with --with-rfc2640

# FileSystemCharset    big5
# ClientCharset        big5

Step 7: Configure PureFTPD mysql link

vi /etc/pure-ftpd/pureftpd-mysql.conf

##############################################
#                                            #
# Sample Pure-FTPd Mysql configuration file. #
# See README.MySQL for explanations.         #
#                                            #
##############################################

# Optional : MySQL server name or IP. Don't define this for unix sockets.

#MYSQLServer     127.0.0.1

# Optional : MySQL port. Don't define this if a local unix socket is used.

#MYSQLPort       3306

# Optional : define the location of mysql.sock if the server runs on this host.

MYSQLSocket     /var/lib/mysql/mysql.sock

# Mandatory : user to bind the server as.

MYSQLUser       pureftpd

# Mandatory : user password. You must have a password.

MYSQLPassword   ftpdpass

# Mandatory : database to open.

MYSQLDatabase   pureftpd

# Mandatory : how passwords are stored
# Valid values are : "cleartext", "crypt", "md5" and "password"
# ("password" = MySQL password() function)
# You can also use "any" to try "crypt", "md5" *and* "password"

MYSQLCrypt      md5

# In the following directives, parts of the strings are replaced at
# run-time before performing queries :
#
# \L is replaced by the login of the user trying to authenticate.
# \I is replaced by the IP address the user connected to.
# \P is replaced by the port number the user connected to.
# \R is replaced by the IP address the user connected from.
# \D is replaced by the remote IP address, as a long decimal number.
#
# Very complex queries can be performed using these substitution strings,
# especially for virtual hosting.

# Query to execute in order to fetch the password

MYSQLGetPW      SELECT Password FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")

# Query to execute in order to fetch the system user name or uid

MYSQLGetUID     SELECT Uid FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")

# Optional : default UID - if set this overrides MYSQLGetUID

#MYSQLDefaultUID 1000

# Query to execute in order to fetch the system user group or gid

MYSQLGetGID     SELECT Gid FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")

# Optional : default GID - if set this overrides MYSQLGetGID

#MYSQLDefaultGID 1000

# Query to execute in order to fetch the home directory

MYSQLGetDir     SELECT Dir FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")

# Optional : query to get the maximal number of files
# Pure-FTPd must have been compiled with virtual quotas support.

MySQLGetQTAFS  SELECT QuotaFiles FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")

# Optional : query to get the maximal disk usage (virtual quotas)
# The number should be in Megabytes.
# Pure-FTPd must have been compiled with virtual quotas support.

MySQLGetQTASZ  SELECT QuotaSize FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")

# Optional : ratios. The server has to be compiled with ratio support.

# MySQLGetRatioUL SELECT ULRatio FROM users WHERE User='\L'
# MySQLGetRatioDL SELECT DLRatio FROM users WHERE User='\L'

# Optional : bandwidth throttling.
# The server has to be compiled with throttling support.
# Values are in KB/s .

MySQLGetBandwidthUL SELECT ULBandwidth FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
MySQLGetBandwidthDL SELECT DLBandwidth FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")

# Enable ~ expansion. NEVER ENABLE THIS BLINDLY UNLESS :
# 1) You know what you are doing.
# 2) Real and virtual users match.

# MySQLForceTildeExpansion 1

# If you're using a transactionnal storage engine, you can enable SQL
# transactions to avoid races. Leave this commented if you are using the
# traditionnal MyIsam engine.

MySQLTransactions On

Step 8: Configure selinux

setsebool -P allow_ftpd_full_access=1
setsebool -P ftp_home_dir on
setsebool -P allow_ftpd_full_access on

Step 9: Test if configuration is working

service pure-ftpd restart
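
The ftpd table from Step 5 is still empty, so a login test needs a row. This added example (not part of the original post) builds that INSERT in shell and checks the values against MinUID, the column sizes and the md5 setting from the steps above. The function name, the user joe and the numeric ids are constructed, and it assumes MYSQLCrypt md5 compares against the hex MD5 digest.

```shell
#!/bin/sh
# Added example (not from the original post): build the INSERT for one virtual
# user and reject values the Step 5-7 configuration would refuse anyway.
# Assumes numeric Uid/Gid and that MYSQLCrypt md5 expects the hex MD5 digest.

MIN_UID=500    # MinUID in pure-ftpd.conf (Step 6)

fail() { echo "ftpd_insert_sql: $1" >&2; return 1; }

# ftpd_insert_sql USER PASSWORD UID GID DIR -> prints one SQL statement
ftpd_insert_sql() {
    [ $# -eq 5 ] || { fail "usage: USER PASSWORD UID GID DIR"; return 1; }

    # User is varchar(16) and is substituted for \L in every MYSQLGet* query.
    case $1 in
        '' | *[!A-Za-z0-9._-]*) fail "user: only letters, digits, . _ -"; return 1 ;;
    esac
    [ "${#1}" -le 16 ] || { fail "user exceeds varchar(16)"; return 1; }
    [ -n "$2" ] || { fail "empty password"; return 1; }

    # Sessions run as this system uid/gid; pure-ftpd refuses uids below MinUID.
    for id in "$3" "$4"; do
        case $id in
            '' | *[!0-9]*) fail "uid/gid must be numeric"; return 1 ;;
        esac
    done
    [ "$3" -ge "$MIN_UID" ] || { fail "uid $3 is below MinUID $MIN_UID"; return 1; }

    # Dir is the chroot (ChrootEveryone yes) and is created on first login
    # (CreateHomeDir yes), so keep it absolute and free of "..".
    case $5 in
        /*) ;;
        *) fail "dir must be an absolute path"; return 1 ;;
    esac
    case $5/ in
        *[!A-Za-z0-9._/-]* | */../*) fail "dir has unsafe characters or .."; return 1 ;;
    esac
    [ "${#5}" -le 128 ] || { fail "dir exceeds varchar(128)"; return 1; }

    # Hash locally so the cleartext password never appears in the SQL text.
    hash=$(printf '%s' "$2" | md5sum | cut -d' ' -f1)

    # status '1' enables the account; comment has no default, so set it.
    printf "INSERT INTO ftpd (User, status, Password, Uid, Gid, Dir, comment) VALUES ('%s', '1', '%s', '%s', '%s', '%s', '');\n" \
        "$1" "$hash" "$3" "$4" "$5"
}

# Constructed values; take the real ids from "id ftpusers".
ftpd_insert_sql joe secret 501 502 /home/ftpusers/joe
```

Pipe the output into mysql -u pureftpd -p pureftpd, then log in with the ftp client installed in Step 2.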

Adding Hard Disk by UUID in Centos

Suppose that you create a fake Time Capsule with a Centos Server

HP Microserver

And suppose that you get a lot of new hard disks, and one of your fears is that one day you need to remove all the hard disks from the server for a maintenance operation. Will you remember the order when you want to add them again? Probably not, and when you switch on the server the mount points have changed and a lot of Macs are overwriting the last backup, or all the Time Capsule users call you saying:

My time machine shows a warning message,

Where are my backups?

I need my backups now because I was editing a file and I need the version of 24 hours ago NOW.

The solution is to use UUIDs.

I added the new hard disks one by one and created the needed partitions

fdisk /dev/sdx or gdisk /dev/sdx if you want gpt

mkfs.ext4 /dev/sdx1

blkid

 

Ovirt Guest Agent on Windows XP

oVirt

On the windows machine install

Python 2.7.3 for Windows.
http://www.python.org/ftp/python/2.7.3/python-2.7.3.msi

Add the Python install path to the PATH variable

Install Python for Windows extension (pywin32) version 216 for Python 2.7
http://sourceforge.net/projects/pywin32/files/pywin32/Build216/pywin32-216.win32-py2.7.exe/download

Download ovirt guest agent source code
https://github.com/oVirt/ovirt-guest-agent/archive/master.zip

Uncompress the code and copy the folder ovirt-guest-agent to a location like C:\ovirt-guest-agent

Open the file ovirt-guest-agent.py and edit the line

AGENT_CONFIG = '/etc/ovirt-guest-agent.conf'

to

AGENT_CONFIG = 'C:\ovirt-guest-agent\ovirt-guest-agent.conf'

Finally, open an MS-DOS console

cd C:\ovirt-guest-agent

python OVirtGuestService.py install

net start OVirtGuestService

Fedora 19 Network Bonding without networkmanager


If your new server has two network interfaces, using both in a bond can give you better performance or failover tolerance.

If you want to create a bonding device, first you need to disable NetworkManager.

systemctl stop NetworkManager.service
systemctl disable NetworkManager.service

systemctl enable network.service
systemctl start network.service

Now you need to configure your network interfaces

ip link show

is the way to get your devices list

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: p33p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether ca:fe:ca:fe:ca:fe brd ff:ff:ff:ff:ff:ff
3: p2p1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT qlen 1000
link/ether ca:fe:ca:fe:ca:ff brd ff:ff:ff:ff:ff:ff

In my case I have two network cards, p33p1 and p2p1.

If I move to /etc/sysconfig/network-scripts and run ls, I will see two files:

ifcfg-enp2s0 and ifcfg-enp3s0

Edit both files so they look like this:

BOOTPROTO=none
NAME=<device name>
UUID=<leave as is>
HWADDR=<leave as is>
NM_CONTROLLED="no"
MASTER="bond0"
SLAVE="yes"

Creating the bond interface

Create a file /etc/modprobe.d/bonding.conf with the content

alias bond0 bonding

Create the file /etc/sysconfig/network-scripts/ifcfg-bond0 with the content

DEVICE=bond0
BOOTPROTO=dhcp
ONBOOT=yes
BONDING_OPTS="mode=0"
USERCTL=no
NM_CONTROLLED="no"

Reboot your system and enjoy 😛

ACPI problems in CentOS with D945GCLF

I decided to upgrade my home fileserver, a D945GCLF motherboard, by adding a new 10/100/1000 PCI Ethernet card. After configuring the new Ethernet controller in my CentOS 6 and starting to download ISOs and big files, I saw that the kacpid process was using one CPU at 100% all the time. I checked the syslog and hundreds of lines like these appeared:

ACPI Error (psparse-0537): Method parse/execution failed [\_SB_.PCI0.LPC_.SMBR] (Node ), AE_AML_INFINITE_LOOP
ACPI Error (psparse-0537): Method parse/execution failed [\_SB_.PCI0.LPC_.INIT] (Node ), AE_AML_INFINITE_LOOP
ACPI Error (psparse-0537): Method parse/execution failed [\_GPE._L00] (Node ), AE_AML_INFINITE_LOOP
ACPI Exception: AE_AML_INFINITE_LOOP, while evaluating GPE method [_L00] (20090903/evgpe-568)

If I disable ACPI in GRUB, at the next reboot the system loses one core, the framebuffer, etc.

What was the solution?

Simply update the BIOS to the latest, LF94510J.86A.0278.2010.0414.2000

Now I can enjoy 4x more speed than with the integrated network card 🙂

mt-daapd Centos 6 EPEL

I was trying to install the mt-daapd service on my home server and found this error when I was starting the service:
service mt-daapd start
Starting DAAP server: mt-daapd: client.c:778: avahi_client_errno: Assertion `client' failed.
/bin/bash: line 1: 5063 Aborted /usr/sbin/mt-daapd

The problem was that you need the Avahi daemon running to start the mt-daapd server:

yum install avahi
chkconfig avahi-daemon on
/etc/init.d/avahi-daemon start

service mt-daapd start

And now mt-daapd is working.